WHAT IS CLAIMED:

1. A communications router for use in a communications 
network including a plurality of routers, at least one network 
control computer communicating with said communications router, 
said communications router including a transceiver to transmit 
and receive messages, said communications router comprising: 

an electronic memory circuit having network information 
stored therein; and 

an electronic processor circuit which (i) evaluates an 
excising signal received from the network control computer, the 
excising signal containing information regarding a first router 
of the plurality of routers to be excised from the network; (ii) 
determines an authenticity of the excising signal; (iii) excises 
the first router when the excising signal is authenticated; and 
(iv) reroutes the excising signal to at least a second router of 
the plurality of routers when the excising signal is 
authenticated.

2. A communications router according to Claim 1, 
wherein said electronic processor circuit excises the first 
router by (a) adding the first router to information regarding 
routers stored in said electronic memory circuit, (b) removing 
from said electronic memory circuit routing updates corresponding 
to the first router, (c) removing the first router from a 
neighbor table stored in said electronic memory circuit when the 
first router is listed therein, and (d) recomputing a forwarding
table to direct future routing.



3. A communications router according to Claim 2,
wherein said electronic processor circuit further causes a
message to be transmitted to the network control computer and to
disregard the excising signal each when the excising signal is
not authentic.



4. A communications router according to Claim 3,
wherein said electronic processor circuit further: (i) evaluates
a signal received through the transceiver from another network
router; (ii) identifies which network router the signal has been
received from; (iii) determines if the network router is listed
with the information regarding excised routers; (iv) discards the
signal when the router is listed; and (v) processes the signal
when the router is not listed.

5. A communications router according to Claim 1,
wherein said electronic processor circuit determines the
authenticity of the excising signal using a public encryption
key.

6. A communications router according to Claim 1,
wherein said electronic processor reinstates the first station
when said communications router receives and verifies a reinstate
message from the network control computer.

7. In a communications system for communications among
a plurality of routers in a network, at least one network control
computer being linked to a first router of the plurality of
routers, each of the communications routers including a
transceiver to transmit and receive messages, a method of
operating the first router comprising the steps of:

evaluating an excising signal received from the network
control computer, the excising signal containing information
regarding a second router of the plurality of routers to be
excised from the network;

determining an authenticity of the excising signal;

excising the second router when the excising signal is
authentic; and

rerouting the excising signal to at least a third
router of the plurality of routers.

8. A method according to Claim 7, wherein said
excising step comprises (a) adding the second router to
information regarding routers stored in a memory, (b) removing
from the communications router routing updates corresponding to
the second router, (c) removing the second router from a neighbor
table of the communications router when the second router is
listed therein, and (d) recomputing a forwarding table.

9. A method according to Claim 8, further comprising
steps of transmitting a message to the network control computer
and disregarding the excising signal when the excising signal is
not authentic.

10. A method according to Claim 8, further comprising 
the steps of: 

evaluating a signal received through the transceiver
from another network router;

identifying which network router a signal has just been
received from;

determining if the network router is identified by the
information regarding excised routers;

discarding the signal when the router is listed; and

processing the signal when the router is not listed.

11. A method according to Claim 7, further comprising
the steps of:

evaluating a signal received through the transceiver
from another network router;

identifying which network router the signal has just
been received from;

determining if the network router is identified by
information regarding non-compromised routers stored in a memory;

discarding the signal when the router is not listed;
and

processing the signal when the router is listed.

12. A method according to Claim 7, wherein said 
excising step comprises (a) removing the second router from 
information regarding non-compromised routers stored in a memory, 
(b) removing from the communications router routing updates
corresponding to the second router, (c) removing the second
router from a neighbor table of the communications router when
the second router is listed therein, and (d) recomputing a
forwarding table.

13. A method according to Claim 12, further comprising
steps of transmitting a message to the network control computer,
and disregarding the excising signal when the excising signal is
not authenticated.

14. A method according to Claim 7, wherein the
excising signal is authenticated using a public encryption key.

15. A communications router according to Claim 7,
further comprising the step of reinstating the second station
when the communications router receives and verifies a reinstate
message from the network control computer.

16. A mobile communications station which communicates
among a plurality of mobile stations in an ad-hoc network in
which stations are arranged in clusters of communication member 
stations, with one member station in each cluster being a head 
station for the cluster, each member station communicating with 
the network through at least one cluster head station, a cluster
head station communicating with zero or more cluster head
stations, the mobile station including a transceiver which
transmits signals to and receives signals from mobile stations in
the network, a network computer being linked with said mobile
communications station, said mobile communications station
comprising:

a memory having network information stored thereon; and 

a processor which (i) operates said mobile station as a 
cluster head or cluster member station; (ii) evaluates an 
excising signal received from the network control computer, the 
excising signal containing information regarding a first cluster 
head or cluster member station to be excised from the network; 
(iii) verifies the authenticity of the excising signal; (iv) 
excises the first cluster head or cluster member station when the 
excising signal is authentic; and (v) distributes the excising 
signal to at least a second cluster head or cluster member 
station.



17. In a communications system for communications in a 
network among a plurality of wireless routers, at least one 
control computer being linked to a first router of the plurality 
of routers, each of the routers including a transceiver to 
transmit and receive messages, a method of operating the network 
comprising the steps of: 

formulating in the control computer an excise signal 
indicating at least a second router to be excised from the
network, providing a digital signature of the control computer on 
the excise signal and transmitting the excise signal to the first 
router; 

verifying the signature on the excise signal in the 
first router, and when the signature is valid (a) adding the 
information identifying the second router to information 
regarding excised routers stored in memory of the first router, 
(b) removing from the first router routing updates corresponding 
to the second router, (c) removing information corresponding to 
the second router from a neighbor table of the first router when 
the second router is listed therein, and (d) recomputing a 
forwarding table in the first router; 

redistributing the excise signal to each of the
plurality of routers, except for the second router; and

determining, in each of the plurality of routers when 
receiving a message from another one of the plurality of routers, 
an identifier for the router from which the message is received 
and processing the message only when the information regarding 
excised routers does not include the identifier. 
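
The method of Claim 17 as an added example in Go; it is not code from
the patent or its applicant. Ed25519 as the signature scheme, the
"EXCISE:" message format, the Router type and the router names R1 to R3
are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Router state for Claim 17; all names here are illustrative assumptions.
type Router struct {
	CtrlKey   ed25519.PublicKey   // control computer's public key
	Excised   map[string]bool     // information regarding excised routers
	Neighbors map[string]bool     // neighbor table
	Updates   map[string][]string // routing updates: advertiser -> destinations
	Forward   map[string]string   // forwarding table: destination -> next hop
}

// HandleExcise verifies the signature, applies (a)-(d) only when it is valid, and returns the peers to redistribute to.
func (r *Router) HandleExcise(target string, sig []byte, peers []string) ([]string, bool) {
	if !ed25519.Verify(r.CtrlKey, []byte("EXCISE:"+target), sig) {
		return nil, false // not authentic: disregard, state untouched
	}
	r.Excised[target] = true        // (a) add to excised-router information
	delete(r.Updates, target)       // (b) remove its routing updates
	delete(r.Neighbors, target)     // (c) remove it from the neighbor table
	r.Forward = map[string]string{} // (d) recompute (toy rule: any remaining advertiser)
	for nbr, dests := range r.Updates {
		for _, d := range dests {
			r.Forward[d] = nbr
		}
	}
	var out []string
	for _, p := range peers {
		if p != target { // the excised router never receives the signal
			out = append(out, p)
		}
	}
	return out, true
}

func (r *Router) Accept(sender string) bool { return !r.Excised[sender] } // per-message check

// NewDemo returns a router with constructed sample state and the control computer's signing function.
func NewDemo() (*Router, func(target string) []byte) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	sign := func(t string) []byte { return ed25519.Sign(priv, []byte("EXCISE:"+t)) }
	return &Router{CtrlKey: pub, Excised: map[string]bool{},
		Neighbors: map[string]bool{"R2": true, "R3": true}, Forward: map[string]string{"netA": "R2"},
		Updates: map[string][]string{"R2": {"netA"}, "R3": {"netA"}}}, sign
}

func main() {
	r, sign := NewDemo()
	fmt.Println(r.HandleExcise("R2", sign("R2"), []string{"R2", "R3"}))
	fmt.Println(r.Forward, r.Accept("R2"), r.Accept("R3"))
}
```

The whitelist variant of Claims 22 and 34 inverts the Accept check:
a sender is processed only when it is present in the stored
non-compromised set.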

18. The method according to Claim 17, further 
comprising steps of transmitting a message to the control 
computer from the first router and causing the first router to 
disregard the excise signal each when the excise signal is not 
authentic.

19. A method according to Claim 18, wherein the 
digital signature is validated using a public encryption key. 

20. A method according to Claim 19, further comprising 
the step of reinstating the excised second router. 

21. A method according to Claim 20, wherein a router 
disregards the message when the information regarding excised 
routers includes the identifier. 

22. In a communications system for communications in a
network among a plurality of wireless routers, at least one 
control computer being linked to a first router of the plurality 
of routers, each of the routers including a transceiver to 
transmit and receive messages, a method of operating the network 
comprising the steps of: 

formulating in the control computer an excise signal 
indicating at least a second router to be excised from the 
network, providing a digital signature of the control computer on 
the excise signal and transmitting the excise signal to the first 
router; 

verifying the signature on the excise signal in the 
first router, and when the signature is valid removing the 
information identifying the second router from information 
regarding non-compromised routers stored in memory of the first 
router;

redistributing the excise signal to each of the
plurality of routers, except for the second router; and

determining, in each of the plurality of routers when
receiving a message from another one of the plurality of routers,
an identifier for the router from which the message is received
from and processing the message only when the information
regarding non-compromised routers includes the identifier.

23. The method according to Claim 22, further
comprising steps of transmitting a message to the control
computer from the first router and causing the first router to
disregard the excise signal each when the excise signal is not
authentic.



24. A communications router for use in a
communications network, the network including a plurality of
routers, at least one network control computer communicating with
said communications router, said communications router including
a transceiver to transmit and receive messages, said
communications router comprising:

means for storing network information;

means for evaluating an excising signal received from
the network control computer, the excising signal containing
information regarding a first router of the plurality of routers
to be excised from the network;

means for authenticating the excising signal;

means for excising the first router when the excising
signal is authentic; and

means for rerouting the excising signal to at least a
second router of the plurality of routers.



25. In a communications system for communications
among a plurality of routers in a network, at least one computer
being linked to a first router of the plurality of routers, a
method of operating the network comprising the steps of:

authenticating in the first router a signal received
from the control computer, the signal identifying at least one
router to be cut-off from communicating with the network;

preventing the first router from communicating with the
at least one cut-off router when the signal is authenticated;

redistributing the cut-off signal to each of the
plurality of routers, except for the at least one cut-off router,
and preventing each of the remaining routers from communicating
with the at least one cut-off router,

wherein when a router receives a message from one of
the plurality of routers, the router determines if the message is
from the at least one cut-off router, and processes the message
only when the message is not from the at least one cut-off
router.

26. In a communications system for communication among 
a plurality of routers in a network, at least one computer being 
linked to a first router of the plurality of routers, a method of 
operating the network comprising the steps of: 

authenticating in the first router a signal received 
from the control computer, the signal identifying at least one 
router to be cut-off from communicating with the network; 

preventing the first router from communicating with the 
at least one cut-off router when the signal is authenticated; 

redistributing the cut-off signal to each of the 
plurality of routers, except for the at least one cut-off router, 
and preventing each of the remaining routers from communicating 
with the at least one cut-off router, 

wherein when a router receives a message from one of 
the plurality of routers, the router determines if the message is 
from a router other than the at least one cut-off router, and 
processes the message only when the message is from a router 
other than the at least one cut-off router. 

27. In a communications system for communications 
among a plurality of routers in a network having verifiable 
information identifying at least one compromised router, a method 
of operating the network comprising the steps of: 
excising a compromised router from the network; and

determining whether messages transmitted between the 
plurality of routers are from the compromised router. 

28. The method according to Claim 27, further 
comprising a step of reinstating the compromised router when it 
becomes non-compromised.

29. The method according to Claim 27, wherein the 
plurality of routers are prevented from communicating with the 
compromised router. 

30. The method according to Claim 29, wherein said 
determining step comprises consulting a data structure 
representing excised routers to determine if the router is
non-compromised.

31. The method according to Claim 29, wherein said
determining step comprises consulting a data structure
representing trusted routers to determine if the router is
non-compromised.

32. Computer executable code stored on a computer
readable medium, the code to operate a communications router in
a network having a plurality of routers, at least one computer
being linked to the communications router, each of the plurality
of routers including a transceiver to transmit and receive
messages, said computer executable code comprising:

code to excise a compromised router from the network;

code to verify that messages transmitted among the
plurality of routers are from non-compromised routers; and

code to reinstate the compromised router when it
becomes non-compromised.



33. In a communications system for communications
among a plurality of routers in a network, each of the routers
maintaining information regarding compromised routers in the
network, a method of operating a network router comprising the
steps of:

receiving a message from one of the plurality of
routers in the network;

determining a router identifier for the router that
just transmitted the message;

determining whether the information regarding
compromised routers in the network includes the router
identifier; and

disregarding the message when the router is listed in
the information regarding compromised routers.

34. In a communications system for communications
among a plurality of routers in a network, each of the routers
maintaining information regarding non-compromised routers in the
network, a method of operating a network router comprising the
steps of:

receiving a message from one of the plurality of
routers in the network;

determining a router identifier for the router that
just transmitted the message;

determining whether the information regarding
non-compromised routers in the network includes the router
identifier; and

disregarding the message when the router is not listed
in the information regarding non-compromised routers.



35. A method of excising a compromised router from an
ad-hoc network, the network including a plurality of routers, at
least one network control computer communicates with at least one
of the plurality of routers, said method comprising the steps of:

determining a compromised router of the plurality of
routers in the network;

excising the compromised router from the network; and

preventing the plurality of routers from communicating
with the compromised router.

36. The method according to Claim 35, wherein said
determining step comprises determining a compromised router
through embedded firewall functionality provided in each of the
plurality of routers.

EXPRESS MAIL NO. EK6^HD350US PATENT
DOCKET NO. 00-4010



